Today, we will discuss a critical security vulnerability found in the Woodmart theme for WordPress. Designated CVE-2024-12333, it affects all versions of the theme up to and including version 8..3. It allows an unauthenticated attacker to execute arbitrary shortcodes because of improper value validation in the "woodmart_instagram_ajax_query" AJAX action.

Vulnerability Overview

The Woodmart WordPress theme is widely used for creating modern and sleek online store websites. However, the theme contains a serious security vulnerability: arbitrary shortcode execution due to improper validation in one of its AJAX actions. Unauthenticated attackers can use it to execute arbitrary shortcodes, potentially leading to unauthorized access, data theft, or even control over the affected website.

Code Snippet

The vulnerable code can be found inside the ajax.php file, located within the "inc" folder of the Woodmart theme. Below is a snippet of the code:

add_action('wp_ajax_woodmart_instagram_ajax_query', 'woodmart_instagram_ajax_query');
add_action('wp_ajax_nopriv_woodmart_instagram_ajax_query', 'woodmart_instagram_ajax_query');

function woodmart_instagram_ajax_query() {
    $response = '';

    if ( isset($_POST['query']) ) {
        $response = do_shortcode( sanitize_text_field( wp_unslash( $_POST['query'] ) ) );
    }

    wp_send_json_success( array( 'output' => $response ) );
    die();
}

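Two things stand out in the code above. First, the handler is registered on both the wp_ajax_ and wp_ajax_nopriv_ hooks, so it can be reached without logging in. Second, woodmart_instagram_ajax_query() does not properly validate the $_POST['query'] value before running do_shortcode() on it: sanitize_text_field() and wp_unslash() clean up the string, but they do not restrict which shortcode it contains. This lack of validation makes it possible for an attacker to execute arbitrary shortcodes.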
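The validation that the handler lacks can be expressed as an allow-list on the shortcode tag. The following is an added example, not Woodmart's code or the vendor's patch; the shortcode tag `woodmart_instagram`, the nonce action and all `example_*` names are assumptions made for illustration.

```php
<?php
// Added example, not the theme's code. The tag and nonce action below are
// assumptions; substitute the shortcode the endpoint is meant to render.
const EXAMPLE_IG_TAG   = 'woodmart_instagram';     // assumed shortcode tag
const EXAMPLE_IG_NONCE = 'example_instagram_ajax'; // hypothetical nonce action

function example_hardened_instagram_ajax_query() {
    // Reject requests without a valid nonce. For logged-out visitors a nonce
    // only ties the request to a rendered page; it is not authentication,
    // so the allow-list below is the real control.
    if ( ! check_ajax_referer( EXAMPLE_IG_NONCE, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    $query = isset( $_POST['query'] )
        ? sanitize_text_field( wp_unslash( $_POST['query'] ) )
        : '';

    // Build WordPress's shortcode regex for the single allowed tag and
    // require the whole input to be exactly one such shortcode.
    $pattern = '/^' . get_shortcode_regex( array( EXAMPLE_IG_TAG ) ) . '$/s';
    if ( ! preg_match( $pattern, $query, $m ) ) {
        wp_send_json_error( array( 'message' => 'Shortcode not allowed' ), 400 );
    }

    // $m[1] / $m[6]: escaping brackets ([[tag]]); $m[5]: enclosed content,
    // which could carry nested shortcodes. Refuse all three.
    if ( '' !== $m[1] || ! empty( $m[5] ) || ! empty( $m[6] ) ) {
        wp_send_json_error( array( 'message' => 'Shortcode not allowed' ), 400 );
    }

    // Only a single, self-contained, allow-listed shortcode reaches this point.
    wp_send_json_success( array( 'output' => do_shortcode( $query ) ) );
}

// Registered under a hypothetical action name so it does not collide with the
// theme's own handler.
add_action( 'wp_ajax_example_instagram_query', 'example_hardened_instagram_ajax_query' );
add_action( 'wp_ajax_nopriv_example_instagram_query', 'example_hardened_instagram_ajax_query' );
```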

Exploit Details

To exploit this vulnerability, an attacker can send a specially crafted HTTP POST request to the affected WordPress site using the "woodmart_instagram_ajax_query" AJAX action. The attacker can then include their desired shortcode within the "query" value of the POST request, which the Woodmart theme will execute without proper validation.

For example, the attacker may send the following HTTP POST request:

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

action=woodmart_instagram_ajax_query&query=[shortcode_here]

By replacing shortcode_here with their desired custom shortcode, the attacker can potentially execute malicious actions, such as gaining unauthorized access or stealing sensitive data. Due to the severe implications of this vulnerability, it is highly recommended for users of the Woodmart theme to update their installations immediately.

Conclusion

The CVE-2024-12333 vulnerability is a highly critical issue in the Woodmart theme for WordPress, affecting versions up to and including 8..3. The lack of proper validation within the AJAX action results in arbitrary shortcode execution, which can have disastrous consequences for the affected websites. Users of Woodmart should ensure that they update their theme installation to the latest version and continuously monitor their website for any signs of potential attacks.

Timeline

Published on: 12/12/2024 09:15:05 UTC